By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

patches repair about a dozen serious flaws across its product line.

SearchSecurity.com:

To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In the Oracle prerelease announcement to customers, the vendor said the CPU contains 10 new security vulnerability fixes for the Oracle Database. The flaws can be found in Job Queue, Oracle OLAP, Oracle Spatial and Oracle Streams. They affect Oracle Database 9i, 10g and 11g.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the Redwood Shores, Calif.-based vendor said in its prerelease announcement.

The CPU contains a security vulnerability fix for the Oracle Times Ten Data Server. A flaw in the real-time, in-memory database could be exploited remotely without authentication, Oracle said. It has the Common Vulnerability Scoring System (CVSS) base score of the vulnerability is 7.5.

Nine new security vulnerability fixes are planned for Oracle Secure Backup, Oracle's tape backup management software. Oracle said all the vulnerabilities may be remotely exploited without authentication. The highest CVSS base score affecting Oracle Secure Backup is 10.0 for Windows versions of the product and 7.5 for all other platforms.

Four security fixes are reserved for the Oracle Application Server. Oracle said two of them could be remotely exploitable without authentication. The highest CVSS score for the vulnerabilities was 5.0.

One fix addresses an issue with the Oracle Collaboration Suite, which provides tools and features for enterprise messaging. Oracle said the Collaborative Workspaces component of Oracle Collaboration Suite is affected by the vulnerability. Collaborative Workspaces is a program interface built on top of the collaboration suite. It allows users to share documents, schedule meetings and complete projects via a forum or email.

The CPU also has four security fixes for the Oracle E-Business Suite. Vulnerabilities can be found in Oracle iProcurement, Oracle Application Object Library and the Oracle Applications Framework and Platform Engineering.

Also, five security fixes address issues within the former BEA product line. The flaws affect Oracle WebLogic Server Plugin for Apache, Sun and IIS Web servers as well as the WebLogic Portal. Oracle said the vulnerabilities could be exploited by an attacker without authentication. The highest CVSS base score of vulnerabilities affecting Oracle WebLogic Server is 10.0 for the WebLogic Server Plugin for Apache, Sun and IIS Web servers.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy